===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2012.0040
     A number of vulnerabilities have been identified in Google Chrome
                               23 March 2012

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Google Chrome
Operating System:     Windows
                      Mac OS X
                      Linux variants
Impact/Access:        Execute Arbitrary Code/Commands -- Remote with User Interaction
                      Denial of Service               -- Remote with User Interaction
                      Unauthorised Access             -- Remote with User Interaction
                      Reduced Security                -- Remote with User Interaction
Resolution:           Patch/Upgrade
CVE Names:            CVE-2011-3057 CVE-2011-3056 CVE-2011-3055
                      CVE-2011-3054 CVE-2011-3053 CVE-2011-3052
                      CVE-2011-3051 CVE-2011-3050 CVE-2011-3045
Member content until: Sunday, April 22 2012
Reference:            ESB-2012.0309
                      ESB-2012.0300

OVERVIEW

        A number of vulnerabilities have been identified in Google Chrome
        prior to version 17.0.963.83. [1]

IMPACT

        The vendor has provided the following details regarding these
        issues:

        "[$1000] [113902] High CVE-2011-3050: Use-after-free with
        first-letter handling. Credit to miaubiz.

        [116162] High CVE-2011-3045: libpng integer issue from upstream.
        Credit to Glenn Randers-Pehrson of the libpng project.

        [$1000] [116461] High CVE-2011-3051: Use-after-free in CSS
        cross-fade handling. Credit to Arthur Gerkis.

        [116637] High CVE-2011-3052: Memory corruption in WebGL canvas
        handling. Credit to Ben Vanik of Google.

        [$1000] [116746] High CVE-2011-3053: Use-after-free in block
        splitting. Credit to miaubiz.

        [117418] Low CVE-2011-3054: Apply additional isolations to webui
        privileges. Credit to Sergey Glazunov.

        [117736] Low CVE-2011-3055: Prompt in the browser native UI for
        unpacked extension installation. Credit to PinkiePie.

        [$2000] [117550] High CVE-2011-3056: Cross-origin violation with
        magic iframe. Credit to Sergey Glazunov."

MITIGATION

        The vendor recommends updating to the latest version of Google
        Chrome to correct these issues. [1]

REFERENCES

        [1] Stable Channel Update
            http://googlechromereleases.blogspot.com.au/2012/03/stable-channel-update_21.html

AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================